The present invention relates in general to data network communication using routers to provide a secure access channel to authorized users, and, more specifically, to maintaining availability of a host computer to high priority users during times that excessive traffic or a malfunction would otherwise disrupt access.
Communication within TCP/IP-based data networks is connectionless. In order to send computer data signals from one computer to another, the data signals are fragmented into packets. Each network packet is tagged with routing information such as a source address (of the originating computer) and a destination address (of the recipient computer). In the event that the destination address is not in the local network, the packet must typically pass through one or more routers in order to reach the local network of the recipient. At the receiving end, the packets are reassembled into the intended communication signals.
A router typically includes a plurality of ports or interfaces, with each port or interface being connected to a respective local network or to another router. When a router receives a particular packet at one port, the packet is examined in order to determine which of the other ports (if any) it should be forwarded on. The most basic method, one which is currently used to handle most network traffic within the Internet, depends on routing tables maintained in each router. The destination IP address is compared to information in a routing table which maps IP addresses in various remote networks to respective ports of the router. Since any particular destination is potentially reachable by many different paths through the interconnected routers making up the internetwork, least-cost algorithms are employed in each router to determine the next hop to an adjoining router that a packet should take toward its final destination. Routers exchange status information that is maintained in each router for use in determining the best routes.
A more recent type of routing employs label switching wherein a routing path is determined prior to any particular packet reaching the beginning of the path (i.e., the ingress router). Instead of using an IP address, a label for the label switched path (LSP) is added to the packets according to the predetermined series of routers in the path. The label is examined at each hop in the path and compared to information from a label table maintained in each router to determine the destination port. At the last router in the LSP (i.e., the egress router), routing typically reverts to use of a routing table based on IP addressing.
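The two forwarding methods described above, routing-table lookup and label switching along a predetermined LSP, can be seen side by side in a small simulation. The following Python code is an added illustration and is not part of the patent text or any vendor's router implementation. It assumes a three-router domain (R1 ingress, R2 transit, R3 egress), a host network 10.1.0.0/16 reached through R3, port names such as "p2" and "eth0", and label values 100 and 200, all of which are constructed for the example; it also assumes that routing-table lookup selects the most specific (longest) matching prefix, a detail the text above does not spell out.

```python
"""Toy forwarding-plane simulation (constructed example): the ingress router
pushes a label onto packets bound for a forwarding equivalence class (FEC),
transit routers swap labels, and the egress router pops the label and
reverts to routing-table lookup.  Packets with no FEC are routed by IP only."""
import ipaddress


class Router:
    def __init__(self, name, routes, label_table=None, fec_table=None):
        self.name = name
        # Routing table: destination prefix -> egress port (longest prefix wins).
        self.routes = [(ipaddress.ip_network(p), port) for p, port in routes]
        # Label table: incoming label -> (egress port, outgoing label).
        # An outgoing label of None means "pop and fall back to the routing table".
        self.label_table = label_table or {}
        # Ingress only: FEC prefix -> (egress port, initial label).
        self.fec_table = [(ipaddress.ip_network(p), port, lbl)
                          for p, port, lbl in (fec_table or [])]

    @staticmethod
    def _lpm(table, dst):
        """Longest-prefix match over entries whose first field is a network."""
        addr = ipaddress.ip_address(dst)
        best = None
        for entry in table:
            net = entry[0]
            if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
                best = entry
        return best

    def forward(self, pkt):
        """Return (egress port, action) for pkt, updating its label stack in place."""
        if pkt["labels"]:                       # labelled packet: use the label table
            port, out_label = self.label_table[pkt["labels"][-1]]
            if out_label is None:               # egress: pop and revert to IP routing
                pkt["labels"].pop()
                hit = self._lpm(self.routes, pkt["dst"])
                return (hit[1] if hit else None, "pop+ip")
            pkt["labels"][-1] = out_label       # transit: swap label
            return (port, "swap")
        fec = self._lpm(self.fec_table, pkt["dst"])
        if fec is not None:                     # ingress: push the LSP's first label
            pkt["labels"].append(fec[2])
            return (fec[1], "push")
        hit = self._lpm(self.routes, pkt["dst"])  # plain IP forwarding
        return (hit[1] if hit else None, "ip")


# Constructed topology: one LSP R1 -> R2 -> R3 toward the host network.
ROUTERS = {
    "R1": Router("R1", routes=[("0.0.0.0/0", "p0")],
                 fec_table=[("10.1.0.0/16", "p2", 100)]),
    "R2": Router("R2", routes=[("0.0.0.0/0", "p0")],
                 label_table={100: ("p3", 200)}),
    "R3": Router("R3", routes=[("10.1.0.0/16", "eth0"), ("0.0.0.0/0", "p0")],
                 label_table={200: (None, None)}),
}
LINKS = {("R1", "p2"): "R2", ("R2", "p3"): "R3",
         ("R3", "eth0"): "HOST", ("R1", "p0"): "INTERNET"}


def trace(pkt, ingress="R1", max_hops=8):
    """Walk a packet through the topology; return [(node, action, label stack)]."""
    hops, node = [], ingress
    for _ in range(max_hops):              # hop limit guards against label loops
        port, action = ROUTERS[node].forward(pkt)
        hops.append((node, action, list(pkt["labels"])))
        if port is None:
            hops.append(("drop", "no route", []))
            break
        nxt = LINKS.get((node, port))
        if nxt is None:
            hops.append(("drop", "unconnected port " + port, []))
            break
        if nxt not in ROUTERS:             # left the domain: delivered to a network
            hops.append((nxt, "delivered", list(pkt["labels"])))
            break
        node = nxt
    return hops


if __name__ == "__main__":
    for h in trace({"src": "192.0.2.7", "dst": "10.1.4.2", "labels": []}):
        print(h)
```

A packet for 10.1.4.2 is labelled at R1, label-swapped at R2, and unlabelled at R3, which then consults its routing table to reach the host network; a packet for any other destination misses the FEC table at R1 and is forwarded by plain routing-table lookup. The hop limit in `trace` is the defensive detail worth keeping: a mis-programmed label table can otherwise forward a packet in a loop indefinitely.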
Label switching is typically used in creating virtual private networks (VPNs) and to create channels for providing class of service (CoS). A primary example of conventional label switching is multi-protocol label switching (MPLS). Because of the administrative effort required to create and maintain a label switched path, LSPs are typically limited to operation within a particular network domain which is administered by a single entity. Routing of packets between network domains is normally handled using standard IP routing. Routing of traffic between most users and publicly-oriented web sites (e.g., search engines, news and weather sites, and merchant sites) also depends almost entirely upon standard IP routing.
Network-originated traffic routed to a particular host computer within a respective local network (using either label switching or standard IP addressing) must pass through a router directly connected to that local network (i.e., a border router). There is typically only one or a small number of border routers through which the host can be reached from a remote network. Overloading (i.e., flooding) of the border router(s) or other malfunctions can prevent or greatly slow down attempted connections to the host. Such flooding can result from a distributed denial of service (DDoS) attack, for example, wherein an attacker breaks into a large number of individual computers connected to the internetwork and places an attack program on them. The attack programs simultaneously transmit bogus data traffic to the host victim, resulting in a flood of network traffic at the border router or another shared network resource (such as the access link or a traffic shaper), which overwhelms the processing capacity of the router and denies legitimate users access to the host.